where ID_LEN is 32 elements long, MAX_SUITE_SZ 64 and RAN_LEN (Random)
is 32.
The ProcessOldClientHello function called when an old version of the
Hello packet is received doesn't have the needed checks for limiting
the amount of data which will fill these 3 fields leading to a
buffer-overflow vulnerability exploitable for executing code remotely.

Another buffer-overflow is located in the function used for handling
the normal Hello packet but in this case doesn't seem possible (or
easily possible) to exploit this vulnerability for executing code.